EP3637718B1 - Method and identification system for identifying suspicious traffic - Google Patents
- Publication number
- EP3637718B1 (application number EP18199697.6A)
- Authority
- EP
- European Patent Office
- Prior art keywords
- data
- exchanged
- information
- artificial intelligence
- network simulator
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/14—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
- H04L63/1408—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/04—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
- H04L63/0428—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W12/00—Security arrangements; Authentication; Protecting privacy or anonymity
- H04W12/12—Detection or prevention of fraud
- H04W12/128—Anti-malware arrangements, e.g. protection against SMS fraud or mobile malware
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/14—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
- H04L63/1408—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
- H04L63/1416—Event detection, e.g. attack signature detection
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/14—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
- H04L63/1441—Countermeasures against malicious traffic
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/14—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
- H04L63/1441—Countermeasures against malicious traffic
- H04L63/1491—Countermeasures against malicious traffic using deception as countermeasure, e.g. honeypots, honeynets, decoys or entrapment
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Computer Hardware Design (AREA)
- Computing Systems (AREA)
- General Engineering & Computer Science (AREA)
- Data Exchanges In Wide-Area Networks (AREA)
Claims (7)
- 1. A method for identifying suspicious traffic, comprising the following steps:
  - establishing a communication between a device under test (12) and a network simulator (14);
  - monitoring, by the network simulator (14), data exchanged between the device under test (12) and the network simulator (14), wherein at least part of the exchanged data is encrypted;
  - identifying the type of application that causes the data exchange by means of a deep packet inspection module (18), wherein the deep packet inspection module (18) uses at least part of the header information of the exchanged data to identify the type of application that causes the data exchange; and
  - using pre-recorded data, by an artificial intelligence module (16) connected to the network simulator (14), to identify malicious data within the exchanged data, wherein the artificial intelligence module (16) uses signaling information, Internet protocol information and deep packet inspection information to identify unexpected packets in the exchanged data and the type of traffic content without decrypting the exchanged data, by using directly accessible information.
- 2. The method according to claim 1, wherein all of the exchanged data is encrypted.
- 3. The method according to claim 1 or 2, wherein the artificial intelligence module (16) is trained by machine learning.
- 4. The method according to any one of the preceding claims, wherein the respective information is used to identify a certain pattern in the packets in order to identify the type of data exchanged.
- 5. The method according to any one of the preceding claims, wherein the network simulator (14) is connected to the Internet (20).
- 6. An identification system (10) for identifying suspicious traffic, comprising a device under test (12) and a network simulator (14), wherein the network simulator (14) is configured to monitor data exchanged between the device under test (12) and the network simulator (14), wherein a deep packet inspection module (18) is provided that is configured to identify the type of application that causes the data exchange by using at least part of the header information of the exchanged data, wherein at least part of the exchanged data is encrypted and an artificial intelligence module (16) is connected to the network simulator (14), wherein the artificial intelligence module (16) is configured to use pre-recorded data to identify malicious data within the exchanged data, and wherein the artificial intelligence module (16) is configured to use signaling information, Internet protocol information and deep packet inspection information to identify unexpected packets in the exchanged data and the type of traffic content without decrypting the exchanged data, by using the directly accessible information.
- 7. The identification system (10) according to claim 6, wherein the network simulator (14) is connected to the Internet (20).
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
EP18199697.6A EP3637718B1 (fr) | 2018-10-10 | 2018-10-10 | Method and identification system for identifying suspicious traffic |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
EP18199697.6A EP3637718B1 (fr) | 2018-10-10 | 2018-10-10 | Method and identification system for identifying suspicious traffic |
Publications (2)
Publication Number | Publication Date |
---|---|
EP3637718A1 (fr) | 2020-04-15 |
EP3637718B1 (fr) | 2022-03-30 |
Family
ID=63840609
Family Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
EP18199697.6A Active EP3637718B1 (fr) | 2018-10-10 | 2018-10-10 | Method and identification system for identifying suspicious traffic |
Country Status (1)
Country | Link |
---|---|
EP (1) | EP3637718B1 (fr) |
Family Cites Families (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US7770223B2 (en) * | 2001-04-12 | 2010-08-03 | Computer Associates Think, Inc. | Method and apparatus for security management via vicarious network devices |
US8539221B2 (en) * | 2009-03-27 | 2013-09-17 | Guavus, Inc. | Method and system for identifying an application type of encrypted traffic |
US10805338B2 (en) * | 2016-10-06 | 2020-10-13 | Cisco Technology, Inc. | Analyzing encrypted traffic behavior using contextual traffic data |
Also Published As
Publication number | Publication date |
---|---|
EP3637718A1 (fr) | 2020-04-15 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
US10944796B2 (en) | Network slice-based security in mobile networks | |
Rupprecht et al. | IMP4GT: IMPersonation Attacks in 4G NeTworks. | |
Molavi Kakhki et al. | Identifying traffic differentiation in mobile networks | |
US9185093B2 (en) | System and method for correlating network information with subscriber information in a mobile network environment | |
US10462653B1 (en) | Service-based security per data network name in mobile networks | |
US20200045073A1 (en) | Test system and method for identifying security vulnerabilities of a device under test | |
JP7410343B2 (ja) | Network slice-based security in mobile networks | |
US10812972B2 (en) | Service-based security per user location in mobile networks | |
US11689502B2 (en) | Securing control and user plane separation in mobile networks | |
CN113259943B (zh) | Method and system for analyzing and blocking abnormal traffic in an electric power wireless private network | |
US10531305B1 (en) | Service-based security per subscription and/or equipment identifiers in mobile networks | |
KR102171348B1 (ko) | Method and apparatus for detecting applications | |
US20080192641A1 (en) | Automatic discovery of blocking access-list ID and match statements in a network | |
CN109743314A (zh) | Network anomaly monitoring method, apparatus, computer device and storage medium thereof | |
Valente et al. | Privacy and security in Internet-connected cameras | |
Sou et al. | Random packet inspection scheme for network intrusion prevention in LTE core networks | |
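CN114390049A (zh) | Application data acquisition method and apparatus | |
CN114499915A (zh) | Attack-trapping method, apparatus and system combining virtual nodes and honeypots | |
EP3637718B1 (fr) | Method and identification system for identifying suspicious traffic | |
KR101426464B1 (ko) | Method and apparatus for extracting quality-of-service information parameters in a mobile communication device | |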
US11489865B2 (en) | Control device, communication system, control method, and computer program | |
WO2022199867A1 (fr) | Methods and apparatuses for providing an analytical result relating to tunneling traffic to a consumer network function | |
US20190394117A1 (en) | Edge networking devices and systems for identifying a software application | |
US11943248B1 (en) | Methods, systems, and computer readable media for network security testing using at least one emulated server | |
KR102062718B1 (ko) | IoT honeynet system using packet virtualization |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PUAI | Public reference made under article 153(3) epc to a published international application that has entered the european phase |
Free format text: ORIGINAL CODE: 0009012 |
|
STAA | Information on the status of an ep patent application or granted ep patent |
Free format text: STATUS: THE APPLICATION HAS BEEN PUBLISHED |
|
AK | Designated contracting states |
Kind code of ref document: A1 Designated state(s): AL AT BE BG CH CY CZ DE DK EE ES FI FR GB GR HR HU IE IS IT LI LT LU LV MC MK MT NL NO PL PT RO RS SE SI SK SM TR |
|
AX | Request for extension of the european patent |
Extension state: BA ME |
|
STAA | Information on the status of an ep patent application or granted ep patent |
Free format text: STATUS: REQUEST FOR EXAMINATION WAS MADE |
|
17P | Request for examination filed |
Effective date: 20201013 |
|
RBV | Designated contracting states (corrected) |
Designated state(s): AL AT BE BG CH CY CZ DE DK EE ES FI FR GB GR HR HU IE IS IT LI LT LU LV MC MK MT NL NO PL PT RO RS SE SI SK SM TR |
|
GRAP | Despatch of communication of intention to grant a patent |
Free format text: ORIGINAL CODE: EPIDOSNIGR1 |
|
STAA | Information on the status of an ep patent application or granted ep patent |
Free format text: STATUS: GRANT OF PATENT IS INTENDED |
|
INTG | Intention to grant announced |
Effective date: 20220104 |
|
GRAS | Grant fee paid |
Free format text: ORIGINAL CODE: EPIDOSNIGR3 |
|
GRAA | (expected) grant |
Free format text: ORIGINAL CODE: 0009210 |
|
STAA | Information on the status of an ep patent application or granted ep patent |
Free format text: STATUS: THE PATENT HAS BEEN GRANTED |
|
RBV | Designated contracting states (corrected) |
Designated state(s): AL AT BE BG CY CZ DE DK EE ES FI FR GB GR HR HU IS IT LT LU LV MC MK MT NL NO PL PT RO RS SE SI SK SM TR |
|
AK | Designated contracting states |
Kind code of ref document: B1 Designated state(s): AL AT BE BG CY CZ DE DK EE ES FI FR GB GR HR HU IS IT LT LU LV MC MK MT NL NO PL PT RO RS SE SI SK SM TR |
|
REG | Reference to a national code |
Ref country code: GB Ref legal event code: FG4D |
|
REG | Reference to a national code |
Ref country code: DE Ref legal event code: R096 Ref document number: 602018032880 Country of ref document: DE |
|
REG | Reference to a national code |
Ref country code: AT Ref legal event code: REF Ref document number: 1480223 Country of ref document: AT Kind code of ref document: T Effective date: 20220415 |
|
REG | Reference to a national code |
Ref country code: LT Ref legal event code: MG9D |
|
PG25 | Lapsed in a contracting state [announced via postgrant information from national office to epo] |
Ref country code: SE Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT Effective date: 20220330 Ref country code: RS Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT Effective date: 20220330 Ref country code: NO Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT Effective date: 20220630 Ref country code: LT Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT Effective date: 20220330 Ref country code: HR Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT Effective date: 20220330 Ref country code: BG Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT Effective date: 20220630 |
|
REG | Reference to a national code |
Ref country code: NL Ref legal event code: MP Effective date: 20220330 |
|
REG | Reference to a national code |
Ref country code: AT Ref legal event code: MK05 Ref document number: 1480223 Country of ref document: AT Kind code of ref document: T Effective date: 20220330 |
|
PG25 | Lapsed in a contracting state [announced via postgrant information from national office to epo] |
Ref country code: LV Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT Effective date: 20220330 Ref country code: GR Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT Effective date: 20220701 Ref country code: FI Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT Effective date: 20220330 |
|
PG25 | Lapsed in a contracting state [announced via postgrant information from national office to epo] |
Ref country code: NL Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT Effective date: 20220330 |
|
PG25 | Lapsed in a contracting state [announced via postgrant information from national office to epo] |
Ref country code: SM Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT Effective date: 20220330 Ref country code: SK Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT Effective date: 20220330 Ref country code: RO Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT Effective date: 20220330 Ref country code: PT Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT Effective date: 20220801 Ref country code: ES Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT Effective date: 20220330 Ref country code: EE Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT Effective date: 20220330 Ref country code: CZ Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT Effective date: 20220330 Ref country code: AT Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT Effective date: 20220330 |
|
PG25 | Lapsed in a contracting state [announced via postgrant information from national office to epo] |
Ref country code: PL Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT Effective date: 20220330 Ref country code: IS Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT Effective date: 20220730 Ref country code: AL Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT Effective date: 20220330 |
|
REG | Reference to a national code |
Ref country code: DE Ref legal event code: R097 Ref document number: 602018032880 Country of ref document: DE |
|
PG25 | Lapsed in a contracting state [announced via postgrant information from national office to epo] |
Ref country code: DK Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT Effective date: 20220330 |
|
PLBE | No opposition filed within time limit |
Free format text: ORIGINAL CODE: 0009261 |
|
STAA | Information on the status of an ep patent application or granted ep patent |
Free format text: STATUS: NO OPPOSITION FILED WITHIN TIME LIMIT |
|
26N | No opposition filed |
Effective date: 20230103 |
|
PG25 | Lapsed in a contracting state [announced via postgrant information from national office to epo] |
Ref country code: SI Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT Effective date: 20220330 Ref country code: MC Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT Effective date: 20220330 |
|
REG | Reference to a national code |
Ref country code: BE Ref legal event code: MM Effective date: 20221031 |
|
PG25 | Lapsed in a contracting state [announced via postgrant information from national office to epo] |
Ref country code: LU Free format text: LAPSE BECAUSE OF NON-PAYMENT OF DUE FEES Effective date: 20221010 |
|
PG25 | Lapsed in a contracting state [announced via postgrant information from national office to epo] |
Ref country code: IT Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT Effective date: 20220330 |
|
PG25 | Lapsed in a contracting state [announced via postgrant information from national office to epo] |
Ref country code: BE Free format text: LAPSE BECAUSE OF NON-PAYMENT OF DUE FEES Effective date: 20221031 |
|
PGFP | Annual fee paid to national office [announced via postgrant information from national office to epo] |
Ref country code: GB Payment date: 20231025 Year of fee payment: 6 |
|
PGFP | Annual fee paid to national office [announced via postgrant information from national office to epo] |
Ref country code: FR Payment date: 20231023 Year of fee payment: 6 Ref country code: DE Payment date: 20231018 Year of fee payment: 6 |
|
PG25 | Lapsed in a contracting state [announced via postgrant information from national office to epo] |
Ref country code: HU Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT; INVALID AB INITIO Effective date: 20181010 |
|
PG25 | Lapsed in a contracting state [announced via postgrant information from national office to epo] |
Ref country code: CY Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT Effective date: 20220330 |